Lesson 2: Implementing RIS - MCSE Training Kit, Microsoft Windows 2000 Active Directory Services [Electronic resources] نسخه متنی

Lesson 2: Implementing RIS

This section discusses the tasks necessary to implement RIS, including setting up and configuring RIS, creating an RIPrep image, creating an RIS boot disk, and verifying an RIS configuration.

After this lesson, you will be able to

Set up RIS

Configure RIS

Create an RIPrep image

Create an RIS boot disk

Verify an RIS configuration

Estimated lesson time: 30 minutes

Implementing RIS

To implement RIS you must complete the following tasks:

Set up RIS

Configure RIS

Create an RIPrep image

Create an RIS boot disk (optional)

Verify the RIS configuration

Setting Up RIS

RIS requires a two-stage setup process: adding the RIS component and installing RIS.

IMPORTANT
Refer to the "RIS Server and Client Requirements" section in Lesson 1 before attempting to set up RIS.

Adding the RIS Component

The first stage of RIS setup occurs when RIS is added as an optional component. This stage copies the files required for installation to the hard disk drive on the server. You can add the RIS component during Windows 2000 Server installation or after the server installation by using Add/Remove Programs.

To add the RIS component

Access the Windows Components Wizard in one of the following ways:

During Windows 2000 Server installation

Click Start, point to Settings, point to Control Panel, open Add/Remove Programs, then click Add/Remove Windows Components

In the Windows Components Wizard dialog box, shown in Figure 15.5, select the Remote Installation Services check box, then click Next.

Figure 15.5 Windows Components Wizard dialog box

Insert the Windows 2000 Server CD-ROM when prompted.

On the Completing The Windows Components Wizard page, click Finish.

In the System Settings Change message box, click Yes to restart the server before installing RIS.

Installing RIS

The second stage of RIS setup occurs when RIS is installed. This stage installs RIS on the server.

To install RIS

Click Start, point to Programs, point to Administrative Tools, then click Configure Your Server.

In the Configure Your Server dialog box, click Finish Setup.

In the Add/Remove Programs dialog box, in the Configure Remote Installation Services box, click Configure to start the Remote Installation Services Setup Wizard.

In the Welcome To The Remote Installation Services Setup Wizard dialog box, click Next.

Continue through the prompts provided by the Remote Installation Services Setup Wizard, including:

A location on the server where the RIS folder will be created

Whether the RIS server should begin servicing client computers immediately after completing setup

The location of the Windows 2000 Professional CD-ROM or a location on the network that contains the installation files

A location on the server where image installation files will be copied

A friendly description and associated help text that describes the OS image to users of the CIW

After the Remote Installation Services Setup Wizard completes, depending on the settings chosen, the RIS server either begins servicing client computers or pauses while you set RIS configuration options. The next section describes the configuration options available to an RIS administrator.

Configuring RIS

By default, an RIS server is not configured to begin servicing client computers immediately after the installation of RIS is completed. To configure RIS you must complete the following tasks:

Authorize RIS servers

Set RIS server properties

Set RIS client installation options

Set RIPrep image permissions

Authorizing RIS Servers

By specifying the RIS servers allowed to run on your network, you can prevent unauthorized (often referred to as rogue) RIS servers, ensuring that only RIS servers authorized by administrators can service clients. If an attempt is made to start an unauthorized RIS server on the network, it will be automatically shut down and thus unable to service client computers. An RIS server must be authorized before it can service client computers.

To authorize RIS servers

Click Start, point to Programs, point to Administrative Tools, then click DHCP.

In the DHCP console tree, click the DHCP node.

On the Action menu, click Manage Authorized Servers.

In the Manage Authorized Servers dialog box, click Authorize.

In the Authorize DHCP Server dialog box, type the name or IP address of the RIS server to be authorized, then click OK.

In the DHCP message box, click Yes.

In the Manage Authorized Servers dialog box, select the computer, then click OK.

The authorized RIS server is now listed under the DHCP node.

Setting RIS Server Properties

By setting properties on individual RIS servers, you control how the server supplies RIS to clients requesting service.

To set RIS server properties

Click Start, point to Programs, point to Administrative Tools, then click Active Directory Users And Computers.

In the console tree, click the folder that contains the computer whose configuration you want to verify, such as Computers or Domain Controllers.

In the details pane, right-click the applicable RIS server, then click Properties.

In the Properties dialog box for the server, click the Remote Install tab.

In the Remote Install tab (see Figure 15.6) of the Properties dialog box, set the options described in Table 15.1.

Figure 15.6 Remote Install tab

Table 15.1 Options on the Remote Install Tab of the Properties Dialog Box

In the Remote Install tab, click Advanced Settings.

In the Remote Installation Services Properties dialog box for the server, in the New Clients tab (see Figure 15.7), set the options described in Table 15.2.

Figure 15.7 New Clients tab on the Remote Installation Services Properties dialog box

Table 15.2 Options on the New Clients Tab of the Remote Installation Services Dialog Box

In the Remote Installation Services Properties dialog box for the server, in the Images tab (see Figure 15.8), view the images installed on the RIS server. Click Add and follow the directions in the wizard to install additional images on the RIS server. Refer to Lesson 3, "Administering RIS," for details.

Figure 15.8 Images tab on the Remote Installation Services Properties dialog box

In the Remote Installation Services Properties dialog box for the server, in the Tools tab (see Figure 15.9), view the maintenance and troubleshooting tools installed on the RIS server.

In the Remote Installation Services Properties dialog box, click OK.

In the Properties dialog box for the server, click OK.

Administrators wishing to remotely manage their servers from Windows 2000 Professional workstations can access the administrative tools by installing the Windows 2000 Administration Tools package located on the Windows 2000 Server CD-ROM.

Figure 15.9 Tools tab on the Remote Installation Services Properties dialog box

NOTE
When using Windows 2000 Administration Tools on a system other than the RIS server, the administrator cannot add additional OS images or verify the integrity of the RIS server. All other configuration options are available.

Setting RIS Client Installation Options

By setting the RIS client installation options, you can control the options presented to different groups of users during the CIW. There are four client installation options (see Figure 15.4) that can appear on the CIW:

Automatic Setup

Custom Setup

Restart A Previous Setup Attempt

Maintenance And Troubleshooting

Automatic Setup

The Automatic Setup option is the client installation option that all users of the Remote OS Installation feature have access to by default. The Automatic Setup option allows you to restrict the OS installation options so that that the user simply logs on and the OS installation starts automatically. The user is not prompted during the OS install, which avoids calls to help desk professionals for assistance and saves the organization additional expenses in support costs.

While restricting installation options, you can still allow users to choose the OS for installation. Remote OS Installation allows you to provide a friendly description and associated help text that describes the OS options so that an end user can choose the most appropriate OS.

By preselecting the Remote OS Installation configuration options, you predefine the automatic machine naming format and the location within Active Directory where client computer accounts will be created.

Custom Setup

The Custom Setup option is very similar to the Automatic Setup option, yet it provides you with the ability to set up a computer for another person within the organization. This option can be used to fully preinstall a client computer or to prestage the client computer by creating a corresponding computer account within the Active Directory service.

The Custom Setup option lets you override the automatic computer naming and location where the computer account is created within Active Directory. By default, the RIS server will generate a computer name based on a format defined by the Remote OS Installation administrator. You can also define where client computer account objects (CAO) will be created in the Active Directory service during the installation. By default, the automatic computer naming policy is set to create computer names based on the person who logs on to the CIW.

Restart A Previous Setup Attempt

The Restart A Previous Setup Attempt option is provided in the event that the installation of the OS fails for any reason. The CIW can be customized to ask a series of questions about the specific OS being installed. When restarting a failed OS setup attempt, the end user is not asked these questions again. Rather, Setup already has this information and simply restarts the file copy operation and completes the OS installation.

Maintenance And Troubleshooting

The Maintenance And Troubleshooting option provides access to third-party hardware and software vendor tools. These tools range from system BIOS flash updates and memory virus scanners to a wide range of computer diagnostic tools that check for hardware-related problems. These tools are available before installing and starting the OS on the client computer.

If the option to display the Maintenance And Troubleshooting menu is enabled, user access to individual tool images is controlled in the same way as OS options, by setting specific end user permissions on the individual answer file (.sif) for that tool. For example, you can allow end users access to only one computer diagnostic tool, yet provide help desk professionals with access to the entire suite of diagnostic tools. When the user calls a help desk professional for assistance, the professional can guide him or her through the diagnostic tool for retrieval of information necessary to diagnose the problem being encountered. If the help desk staff must visit the end user for further investigation, they simply log on to the CIW and, based on their credentials, they can access the tools they need to resolve the problem.

To set client installation options

Click Start, point to Programs, point to Administrative Tools, then click Active Directory Users And Computers.

In the console tree, right-click the applicable OU, such as Computers or Domain Controllers, click Properties, then click the Group Policy tab.

In the Properties dialog box for the group policy, click the group policy object (GPO), then click Edit to start group policy.

In the Group Policy console tree, click User Configuration, open Windows Settings, then click Remote Installation Services.

Double-click the Choice Options object.

In the Choice Options Properties dialog box (see Figure 15.10), the following installation options affect how the CIW appears to users:

Automatic Setup

Custom Setup

Restart Setup

Tools

Figure 15.10 Choice Options Properties dialog box

Click one of the following group policy options for each installation option:

Allow. Use this policy option to offer the installation option to users to which this policy applies.

Don't Care. Use this policy option to accept the policy settings of the parent container. For example, if the administrator for the entire domain has set group policy that is specific to RIS, and the administrator of this container has chosen the Don't Care option, the policy that is set on the domain is applied to all users that are affected by that policy. Don't Care is the default setting.

Deny. Use this policy option to deny the users that are affected by this policy access to the installation option.

In the Choice Options Properties dialog box, click OK.

Close the Group Policy snap-in, and then, in the Properties dialog box for the group policy, click OK.

NOTE
Because the changes that you make to RIS policy take effect only when the policy is propagated (applied) to your computer, do one of the following to initiate policy propagation:

Type secedit /refreshpolicy user_policy at the command prompt, then press Enter.

Restart your computer.

Wait for automatic policy propagation, which occurs at regular, configurable intervals. By default, policy propagation occurs every eight hours.

Setting RIPrep Image Permissions

By specifying which users or groups of users should have access to the RIPrep OS images available on the RIS server, you can guide users through the selection of the unattended OS installation appropriate for their role within the company. By default, when an OS image is added to an RIS server, the image will be
available to all users serviced by that RIS server.

To set RIPrep image permissions

Click Start, point to Programs, point to Accessories, then click Windows Explorer.

In the \RemoteInstall\Setup\applicable_language\Images\applicable_image_name\i386\templates folder (or the location on the server where you chose to copy image installation files), right-click the appropriate .sif file, then click Properties.

In the Properties dialog box for the file, click the Security tab.

Set the appropriate permissions to allow users access to images and click OK.

NOTE
To reduce the work involved in maintaining the security applied to images, where possible, set the security on the Templates folder of the image rather than the individual .sif files. Grant or restrict access to groups rather than individual users.

Create an RIPrep Image

To build and maintain standard desktops, many organizations use disk imaging or cloning software that allows you to configure a client computer exactly how you want it, and then make a copy of that image for installation on client computers on the network. Remote OS Installation supports creation and installation of standard desktop images using RIPrep images.

Before you can create an RIPrep image, you must complete the following tasks:

Create the source computer

Configure the workstation

Creating the Source Computer

To create the source computer, use the Remote OS Installation feature to remotely install the base Windows 2000 Professional OS. Once the OS is installed, you can install applications or application suites including in-house line of business (LOB) applications. Then configure the workstation to adhere to company policies. For example, you may choose to define specific screen colors, set the background bitmap to a company-based logo, remove any games installed by the base OS, and set Internet Explorer proxy settings.

Configuring the Workstation

When creating RIPrep images, it is important to understand the relationship of user profiles, the changes made to an RIPrep source computer, and the desired result for users that log on to computers that are installed using the RIPrep image. Applications that carry the "Certified for Windows" logo properly separate user-specific and computer-specific configuration settings and data, and can therefore be installed computer-wide so that they are available to all users of the system. Such applications would also then be available to all users of systems later installed with the resulting RIPrep image. Non-Windows 2000-compliant applications may perform and/or rely on per-user configurations that are specific to the profile of the user actually installing the application prior to running RIPrep (typically a local administrator), rather than to all users of the system. Such configurations remain specific to that user, which may result in the application or configuration setting not being available or not functioning properly for users of computers installed with the RIPrep image. In addition, some nonapplication configuration changes, such as the wallpaper specified for the user desktop, are by default applied only to the current user's profile and will not be applied to users of systems installed with the RIPrep image.

You must thoroughly test any applications or configuration settings desired for use in an RIPrep image to ensure they will work properly with your organization's implementation of user profiles. To test, make the change as one user (typically a local administrator of the computer), log off, and log on as a user account that is representative of your organization. If the changes you made are applied to the second user, the changes will also apply to users that log on to systems installed with an RIPrep image that contains the same change. To complete the test, create an RIPrep image, restore it to a different computer, and log on as a different representative user. Verify that the changes are applied and fully functional.

Some configuration settings can be copied directly from the profile they were applied to (the local administrator in the preceding example) the All Users profile, such as the desktop wallpaper, some Start menu options, and shortcuts. However, all such changes must be tested carefully to verify that their functionality is not broken by the manual adjustments.

Creating an RIPrep Image

When the workstation is configured exactly to specifications, you are ready to create an RIPrep image.

To create an RIPrep image

On the client workstation, click Start, click Run, then type the Universal Naming Convention (UNC) path of the RIPrep utility in the Open box and click OK. For example: \\Server\Share\RemoteInstall\Admin\I386\ RIPREP.EXE

In the Welcome To The Remote Installation Preparation Wizard dialog box, click Next.

Continue through the prompts provided by the Remote Installation Preparation Wizard, including the following:

Server Name. The name of the server to which this installation image will be copied. By default this is the server on which you are running the Remote Installation Preparation Wizard.

Folder Name. The name of the folder on the RIS server to which this installation image will be copied.

Friendly Description And Help Text. A friendly description and associated help text that describes the OS image to users of the CIW.

Stop all programs or services on the source computer before proceeding. Review the list of programs or services that are currently running on the source computer, close any running applications, then click Next.

Review the settings summary, then click Next.

Review the information from Completing The Remote Installation Preparation Wizard and click Next to replicate the source computer installation image onto the RIS server.

NOTE
If the source computer contains a 1 GB disk drive and the destination computer contains a 2 GB disk drive, by default RIS will format the destination computer's drive as a 2 GB partition in the same file system format as the source computer used to create the image.

After the initial image questions have been answered, the wizard configures the workstation to a generic state, removing anything unique to the client installation such as the computer's unique security identifier (SID), computer name, and any registry settings unique to that system. Once the preparation phase is complete, the image is automatically replicated to the RIS server provided. After the image is replicated to the RIS server, it is added to the list of available OS installation choices displayed within the CIW. At this point, any remote boot-enabled or compatible client computers that use the PXE-based remote boot technology can install the image.

The source computer shuts down when the image replication process is complete. The abbreviated Setup program automatically runs when you restart the source computer. Complete the setup process to use this client computer to create another installation image.

RIPrep Requirements

The destination computer (the computer that installs the image posted to the RIS server) is not required to contain hardware identical to that of the source computer that was used to create the image. RIPrep uses the Plug and Play support in the computer running Windows 2000 Professional to detect differences between the source and the destination computers' hardware during image installation. However, the hardware abstraction layer (HAL) drivers must be the same between the source computer and all destination computers that later install the image (for example, they both must be Advanced Configuration and Power Interface (ACPI)-based or both must be non-ACPI-based). In most cases, workstations do not require the unique HAL drivers that servers require.

The destination computer's disk capacity must be equal to or larger than that of the source computer.

All copies of Microsoft software made or installed using RIS must be properly licensed. All copies of other software made or installed using RIS must be properly licensed, and it is the licensee's obligation to ensure that it is licensed to make any such copies.

RIPrep Limitations

RIPrep currently supports replicating a single disk-single partition (C partition only) Windows 2000 Professional installation to an available RIS server. This means that the OS and all of the applications that make up the standard installation must reside on the C partition prior to running the Remote Installation Preparation Wizard.

The Remote Installation Preparation Wizard currently allows source image replication only to available RIS servers. Source replication to alternate drives or media types is not supported.

Replication of encrypted files is not supported.

Changes made in the source computer's registry before running the Remote Installation Preparation Wizard are not maintained in the installation image.

Modifications to replicated installation images are not supported.

Installation Image Sources

When you use the Remote Installation Preparation Wizard to create an installation image of a client computer that was originally installed using a retail version (rather than a Select or original equipment manufacturer [OEM] version) of Windows 2000 Professional, the RIS unattended setup answer file (RIPREP.SIF) must be modified to include the product identification number (PID). The PID is a unique identification number specific to each copy of Windows 2000 Professional used to identify the OS installation and track the number of copies installed throughout an organization.

NOTE
If the PID is not entered in the RIPREP.SIF file, the installation process will stop and prompt the user for the PID information during the installation of that RIPrep image.

To include the PID in the RIPREP.SIF file

Open the RIPREP.SIF file located at \RemoteInstall\Setup\applicable_ language\Images\applicable_image_name\I386\Templates\RIPREP.SIF.

Type ProductID = "xxxxx-xxx-xxxxxxx-xxxxx" (including the dashes and quotation marks, where x is the PID of the retail version of Windows 2000 Professional) into the [UserData] section of the RIPREP.SIF file.

The PID for each client installation is randomly generated using the PID entered in the RIPREP.SIF file.

When the source computer OS is installed from the Select or OEM version of the Windows 2000 Professional CD, the PID does not need to be modified in the RIPREP.SIF file.

Creating an RIS Boot Disk

You must create a boot disk to support existing client computers that do not have a PXE-based remote boot-enabled ROM but do have a supported network adapter. The RIS boot disk works like the PXE boot process: Turn on the computer, boot from the RIS boot disk, press F12 to initiate a network service boot, and the CIW is downloaded and starts. Once the CIW starts, the rest of the RIS process is identical regardless of whether the client was booted using a PXE boot ROM or the RIS remote boot disk.

To create an RIS boot disk

Click Start, click Run, then type the UNC path of the RBFG utility in the Open box and click OK. For example:

\\server\share\RemoteInstall\Admin\I386\RBFG.EXE

Insert a formatted disk into the disk drive.

In the Windows 2000 Remote Boot Disk Generator dialog box (see Figure 15.11), click the appropriate destination drive option (either Drive A or Drive B), and then click Create Disk.

Figure 15.11 Windows 2000 Remote Boot Disk Generator dialog box

Click Close when the disk is ready, then remove the disk from the disk drive.

NOTE
You can use the boot disk only with computers that contain supported PCI-based network adapters. To view the list of supported network adapters, click Adapter List in the Windows 2000 Remote Boot Disk Generator dialog box.

Verifying an RIS Configuration

RIS provides the ability to check the integrity of the RIS-enabled server. You can verify an RIS configuration if you suspect that the server is failing, if you are currently seeing inconsistent behavior, or if you need to restore an RIS volume from backup. The Check Server Wizard checks whether all of the settings,
services, and configuration options are correctly set and functioning.

To verify an RIS configuration

Click Start, point to Programs, point to Administrative Tools, then click Active Directory Users And Computers.

In the console tree, click the folder that contains the computer whose configuration you want to verify, such as Computers or Domain Controllers.

In the details pane, right-click the applicable RIS server, then click Properties.

In the Properties dialog box for the server, in the Remote Install tab, click Verify Server to start the Check Server Wizard.

On the Welcome To The Check Server Wizard page, click Next.

Read the summary on the Remote Installation Services Verification Complete page, then click Finish.

NOTE
If you are verifying the server configuration because you need to restore an RIS volume from backup, you must verify the server configuration before you restore the volume.

Lesson Summary

In this lesson you learned about the tasks necessary to implement RIS, including setting up and configuring RIS, creating an RIPrep image, creating an RIS boot disk, and verifying an RIS configuration.